podman: added openobserve podman service
This commit is contained in:
parent
f4e6635f8c
commit
54bb0d2913
|
@ -12,6 +12,7 @@ in
|
||||||
redmage.enable = lib.mkEnableOption "redmage podman";
|
redmage.enable = lib.mkEnableOption "redmage podman";
|
||||||
redmage-demo.enable = lib.mkEnableOption "redmage-demo podman";
|
redmage-demo.enable = lib.mkEnableOption "redmage-demo podman";
|
||||||
qbittorrent.enable = lib.mkEnableOption "qbittorrent podman";
|
qbittorrent.enable = lib.mkEnableOption "qbittorrent podman";
|
||||||
|
openobserve.enable = lib.mkEnableOption "openobserve podman";
|
||||||
|
|
||||||
servarr = {
|
servarr = {
|
||||||
enable = mkEnableOption "servarr group";
|
enable = mkEnableOption "servarr group";
|
||||||
|
|
|
@ -36,6 +36,7 @@
|
||||||
servarr.recyclarr.enable = true;
|
servarr.recyclarr.enable = true;
|
||||||
servarr.real-debrid-manager.enable = false;
|
servarr.real-debrid-manager.enable = false;
|
||||||
servarr.rdtclient.enable = true;
|
servarr.rdtclient.enable = true;
|
||||||
|
openobserve.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
docker = {
|
docker = {
|
||||||
|
|
22
secrets/openobserve.yaml
Normal file
22
secrets/openobserve.yaml
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
openobserve:
|
||||||
|
env: ENC[AES256_GCM,data:c7XB9h82qCaV8MWTibJ2DUAjCDEgtjNvXi8B4tLfiJcws7Wfhhh5HQHiy/2Yc4q0h9QcQ9U/WNB05RVdX76H5UTsM7d9SbpG3/NW8d3yyiJlIZ7b/e4l3LD0HEM=,iv:pUcZ2S6mmFncs14HcRwEGSNh+/dz3Ut9M0kWVJwVkck=,tag:279V8olra+A1reKtZHnelQ==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZRmg5YURIdVNMVUFGbTNM
|
||||||
|
eXdWR0R1N09RMm4vSjRvUmw1VkV0SEFtN2s4CkhCcXgyNHFTU0hwMnNYdG5Sam9j
|
||||||
|
R21jcDY2MEhtVnZBckpsc010OEVqZmsKLS0tIDZtRmgzRWJZc1NLVVM0dkpwbUpL
|
||||||
|
Mk1OU0htcGIrWkUzdzFPZUxYb1JyeDAKQjXadi43Wr4yA89HDLsWACrHeUn265zG
|
||||||
|
qIU/QU6aO7bgoyflQfoppwD6bSqVrJMcTnTujIRA4xDtmCfNnP2cFQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-07-15T07:57:57Z"
|
||||||
|
mac: ENC[AES256_GCM,data:uY2pxpgCxOBlj2gGS+/CQ9u0pe6gYlMXlaLKfHjZwJyzAeLjKAE2DLxQVDxx1z2jxx9FoaBnmVEwIgZ399Nk0Ale8ZlN63nduzycTb0kY1Vq8+tNC5Z+LEBe6p54ORmAHQUpUpK8zG72tg3djqH4D3Lm/cyiDegp14PcmK3xRuM=,iv:EJY4zl+vuWR6GJOulF7XLhSBlwSZgq9u2BMLRPR74m0=,tag:1JU2MToCFisIqp1BC/2oNw==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
|
@ -41,12 +41,13 @@ in
|
||||||
# 10.88.0.6 -> Suwayomi Flaresolverr
|
# 10.88.0.6 -> Suwayomi Flaresolverr
|
||||||
# 10.88.1.1 -> Pihole
|
# 10.88.1.1 -> Pihole
|
||||||
imports = [
|
imports = [
|
||||||
|
./openobserve.nix
|
||||||
./pihole.nix
|
./pihole.nix
|
||||||
./qbittorrent.nix
|
./qbittorrent.nix
|
||||||
./redmage-demo.nix
|
./redmage-demo.nix
|
||||||
./redmage.nix
|
./redmage.nix
|
||||||
|
./servarr
|
||||||
./suwayomi.nix
|
./suwayomi.nix
|
||||||
./ytptube.nix
|
./ytptube.nix
|
||||||
./servarr
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
53
system/podman/openobserve.nix
Normal file
53
system/podman/openobserve.nix
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
{ config, lib, ... }:
|
||||||
|
let
|
||||||
|
name = "openobserve";
|
||||||
|
podman = config.profile.podman;
|
||||||
|
inherit (lib) mkIf;
|
||||||
|
ip = "10.88.99.1";
|
||||||
|
image = "public.ecr.aws/zinclabs/openobserve:latest";
|
||||||
|
rootVolume = "/nas/podman/openobserve";
|
||||||
|
domain = "${name}.tigor.web.id";
|
||||||
|
user = config.profile.user;
|
||||||
|
uid = toString user.uid;
|
||||||
|
gid = toString user.gid;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
config = mkIf (podman.enable && podman.${name}.enable) {
|
||||||
|
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
||||||
|
reverse_proxy ${ip}:5080
|
||||||
|
'';
|
||||||
|
|
||||||
|
system.activationScripts."podman-${name}" = ''
|
||||||
|
mkdir -p ${rootVolume}/data
|
||||||
|
chown ${uid}:${gid} ${rootVolume} ${rootVolume}/data
|
||||||
|
'';
|
||||||
|
|
||||||
|
sops.secrets."openobserve/env".sopsFile = ../../secrets/openobserve.yaml;
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers.${name} = {
|
||||||
|
inherit image;
|
||||||
|
hostname = name;
|
||||||
|
autoStart = true;
|
||||||
|
user = "${uid}:${gid}";
|
||||||
|
environment = {
|
||||||
|
TZ = "Asia/Jakarta";
|
||||||
|
ZO_DATA_DIR = "/data";
|
||||||
|
ZO_WEB_URL = "https://${domain}";
|
||||||
|
};
|
||||||
|
volumes = [
|
||||||
|
"${rootVolume}/data:/data"
|
||||||
|
];
|
||||||
|
extraOptions = [
|
||||||
|
"--network=podman"
|
||||||
|
"--ip=${ip}"
|
||||||
|
];
|
||||||
|
environmentFiles = [
|
||||||
|
config.sops.secrets."openobserve/env".path
|
||||||
|
];
|
||||||
|
labels = {
|
||||||
|
"io.containers.autoupdate" = "registry";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in a new issue